The second principle is that Mr. Putin ordered the group’s sites down. If so, it would be a signal to heal. Biden’s warning, which he also gave, in general terms, when the two leaders met in Geneva on 16 June. It will come a day or two before a virtual meeting of the US-Russia working group on the issue, formed during the Geneva meeting, is supposed to take place.

The third theory is that Revel decided that the heat was too intense, and he took the sites down so as not to get caught in the crossfire between the American and Russian presidents. U.S. Darkside, another Russian-based group, did the same after a ransom vehicle attack on the company, Colonial Pipeline, had to shut down a pipeline supplying gasoline and jet fuel to the East Coast in May after its computer network was breached. .

But many experts believe that Darkside’s business venture was nothing more than a digital theater, and that all of the group’s key rhinestone talent would be reunited under a different name. If so, the same could happen with Revil, which records Massachusetts-based cybersecurity company Future, which is estimated to be responsible for a quarter of all sophisticated ransomware attacks on Western targets. .

Alan Liska, a senior intelligence analyst at Record Future, said that if Reveal had disappeared, he suspected it was voluntary. “If anything, these individuals are bragdosios,” Mr. Liska said. “And we have no notes, no arrogance. He feels confident that they leave everything under pressure. “

There were suggestions that the pressure may have come from Russia. Commander of the United States Cyber ​​Command and Director General of the National Security Agency. Many officials said Paul M. Nakaso did not expect full options for U.S. action against the rinsomware actors by the end of this week. And there is no evidence that Revel’s sites were “confiscated” by a court order, which the Justice Department always posts.

Cyber ​​Command declined to comment.

While for now Mr. Reveal will stop. Putin and Mr. Given a chance to show they were facing a problem, it could also give Rinsomware artists a chance to walk away with their win. The biggest losers will be companies and towns that don’t get their encryption keys, and are hacked from their data, perhaps forever. (Often when ransomware groups break up, they release their decryption keys. That didn’t happen on Tuesday.)

Mr. Biden expects to formulate a rinsomware strategy next week, making the case that the Colonial Pipeline and other recent attacks show how critical critical infrastructure formation is a major threat to national security.